RubyGems - spree_api - Versions diffs - 3.0.10 → 3.1.0.rc1 - Mend

spree_api 3.0.10 → 3.1.0.rc1

Files changed (190) hide show

data/app/controllers/spree/api/orders_controller.rb DELETED Viewed

@@ -1,130 +0,0 @@
-module Spree
-  module Api
-    class OrdersController < Spree::Api::BaseController
-      skip_before_action :check_for_user_or_api_key, only: :apply_coupon_code
-      skip_before_action :authenticate_user, only: :apply_coupon_code
-      before_action :find_order, except: [:create, :mine, :current, :index, :update]
-      # Dynamically defines our stores checkout steps to ensure we check authorization on each step.
-      Spree::Order.checkout_steps.keys.each do |step|
-        define_method step do
-          find_order
-          authorize! :update, @order, params[:token]
-        end
-      end
-      def cancel
-        authorize! :update, @order, params[:token]
-        @order.cancel!
-        respond_with(@order, :default_template => :show)
-      end
-      def create
-        authorize! :create, Spree::Order
-        order_user = if @current_user_roles.include?('admin') && order_params[:user_id]
-          Spree.user_class.find(order_params[:user_id])
-        else
-          current_api_user
-        end
-        import_params = if @current_user_roles.include?("admin")
-          params[:order].present? ? params[:order].permit! : {}
-        else
-          order_params
-        end
-        @order = Spree::Core::Importer::Order.import(order_user, import_params)
-        respond_with(@order, default_template: :show, status: 201)
-      end
-      def empty
-        authorize! :update, @order, order_token
-        @order.empty!
-        render text: nil, status: 204
-      end
-      def index
-        authorize! :index, Order
-        @orders = Spree::Order.ransack(params[:q]).result.page(params[:page]).per(params[:per_page])
-        respond_with(@orders)
-      end
-      def show
-        authorize! :show, @order, order_token
-        respond_with(@order)
-      end
-      def update
-        find_order(true)
-        authorize! :update, @order, order_token
-        if @order.contents.update_cart(order_params)
-          user_id = params[:order][:user_id]
-          if current_api_user.has_spree_role?('admin') && user_id
-            @order.associate_user!(Spree.user_class.find(user_id))
-          end
-          respond_with(@order, default_template: :show)
-        else
-          invalid_resource!(@order)
-        end
-      end
-      def current
-        @order = find_current_order
-        if @order
-          respond_with(@order, default_template: :show, locals: { root_object: @order })
-        else
-          head :no_content
-        end
-      end
-      def mine
-        if current_api_user.persisted?
-          @orders = current_api_user.orders.reverse_chronological.ransack(params[:q]).result.page(params[:page]).per(params[:per_page])
-        else
-          render "spree/api/errors/unauthorized", status: :unauthorized
-        end
-      end
-      def apply_coupon_code
-        find_order
-        authorize! :update, @order, order_token
-        @order.coupon_code = params[:coupon_code]
-        @handler = Spree::PromotionHandler::Coupon.new(@order).apply
-        status = @handler.successful? ? 200 : 422
-        render "spree/api/promotions/handler", :status => status
-      end
-      private
-        def order_params
-          if params[:order]
-            normalize_params
-            params.require(:order).permit(permitted_order_attributes)
-          else
-            {}
-          end
-        end
-        def normalize_params
-          params[:order][:payments_attributes] = params[:order].delete(:payments) if params[:order][:payments]
-          params[:order][:shipments_attributes] = params[:order].delete(:shipments) if params[:order][:shipments]
-          params[:order][:line_items_attributes] = params[:order].delete(:line_items) if params[:order][:line_items]
-          params[:order][:ship_address_attributes] = params[:order].delete(:ship_address) if params[:order][:ship_address]
-          params[:order][:bill_address_attributes] = params[:order].delete(:bill_address) if params[:order][:bill_address]
-        end
-        def find_order(lock = false)
-          @order = Spree::Order.lock(lock).friendly.find(params[:id])
-        end
-        def find_current_order
-          current_api_user ? current_api_user.orders.incomplete.order(:created_at).last : nil
-        end
-        def order_id
-          super || params[:id]
-        end
-    end
-  end
-end

data/app/controllers/spree/api/payments_controller.rb DELETED Viewed

@@ -1,80 +0,0 @@
-module Spree
-  module Api
-    class PaymentsController < Spree::Api::BaseController
-      before_action :find_order
-      before_action :find_payment, only: [:update, :show, :authorize, :purchase, :capture, :void]
-      def index
-        @payments = @order.payments.ransack(params[:q]).result.page(params[:page]).per(params[:per_page])
-        respond_with(@payments)
-      end
-      def new
-        @payment_methods = Spree::PaymentMethod.available
-        respond_with(@payment_methods)
-      end
-      def create
-        @payment = @order.payments.build(payment_params)
-        if @payment.save
-          respond_with(@payment, status: 201, default_template: :show)
-        else
-          invalid_resource!(@payment)
-        end
-      end
-      def update
-        authorize! params[:action], @payment
-        if !@payment.editable?
-          render 'update_forbidden', status: 403
-        elsif @payment.update_attributes(payment_params)
-          respond_with(@payment, default_template: :show)
-        else
-          invalid_resource!(@payment)
-        end
-      end
-      def show
-        respond_with(@payment)
-      end
-      def authorize
-        perform_payment_action(:authorize)
-      end
-      def capture
-        perform_payment_action(:capture)
-      end
-      def purchase
-        perform_payment_action(:purchase)
-      end
-      def void
-        perform_payment_action(:void_transaction)
-      end
-      private
-        def find_order
-          @order = Spree::Order.friendly.find(order_id)
-          authorize! :read, @order, order_token
-        end
-        def find_payment
-          @payment = @order.payments.friendly.find(params[:id])
-        end
-        def perform_payment_action(action, *args)
-          authorize! action, Spree::Payment
-          @payment.send("#{action}!", *args)
-          respond_with(@payment, default_template: :show)
-        end
-        def payment_params
-          params.require(:payment).permit(permitted_payment_attributes)
-        end
-    end
-  end
-end

data/app/controllers/spree/api/product_properties_controller.rb DELETED Viewed

@@ -1,72 +0,0 @@
-module Spree
-  module Api
-    class ProductPropertiesController < Spree::Api::BaseController
-      before_action :find_product
-      before_action :product_property, only: [:show, :update, :destroy]
-      def index
-        @product_properties = @product.product_properties.accessible_by(current_ability, :read).
-                              ransack(params[:q]).result.
-                              page(params[:page]).per(params[:per_page])
-        respond_with(@product_properties)
-      end
-      def show
-        respond_with(@product_property)
-      end
-      def new
-      end
-      def create
-        authorize! :create, Spree::ProductProperty
-        @product_property = @product.product_properties.new(product_property_params)
-        if @product_property.save
-          respond_with(@product_property, status: 201, default_template: :show)
-        else
-          invalid_resource!(@product_property)
-        end
-      end
-      def update
-        if @product_property
-          authorize! :update, @product_property
-          @product_property.update_attributes(product_property_params)
-          respond_with(@product_property, status: 200, default_template: :show)
-        else
-          invalid_resource!(@product_property)
-        end
-      end
-      def destroy
-        if @product_property
-          authorize! :destroy, @product_property
-          @product_property.destroy
-          respond_with(@product_property, status: 204)
-        else
-          invalid_resource!(@product_property)
-        end
-      end
-      private
-        def find_product
-          @product = super(params[:product_id])
-          authorize! :read, @product
-        end
-        def product_property
-          if @product
-            @product_property ||= @product.product_properties.find_by(id: params[:id])
-            @product_property ||= @product.product_properties.includes(:property).where(spree_properties: { name: params[:id] }).first
-            authorize! :read, @product_property
-          end
-        end
-        def product_property_params
-          params.require(:product_property).permit(permitted_product_properties_attributes)
-        end
-    end
-  end
-end

data/app/controllers/spree/api/products_controller.rb DELETED Viewed

@@ -1,124 +0,0 @@
-module Spree
-  module Api
-    class ProductsController < Spree::Api::BaseController
-      def index
-        if params[:ids]
-          @products = product_scope.where(id: params[:ids].split(",").flatten)
-        else
-          @products = product_scope.ransack(params[:q]).result
-        end
-        @products = @products.distinct.page(params[:page]).per(params[:per_page])
-        expires_in 15.minutes, :public => true
-        headers['Surrogate-Control'] = "max-age=#{15.minutes}"
-        respond_with(@products)
-      end
-      def show
-        @product = find_product(params[:id])
-        expires_in 15.minutes, :public => true
-        headers['Surrogate-Control'] = "max-age=#{15.minutes}"
-        headers['Surrogate-Key'] = "product_id=1"
-        respond_with(@product)
-      end
-      # Takes besides the products attributes either an array of variants or
-      # an array of option types.
-      #
-      # By submitting an array of variants the option types will be created
-      # using the *name* key in options hash. e.g
-      #
-      #   product: {
-      #     ...
-      #     variants: {
-      #       price: 19.99,
-      #       sku: "hey_you",
-      #       options: [
-      #         { name: "size", value: "small" },
-      #         { name: "color", value: "black" }
-      #       ]
-      #     }
-      #   }
-      #
-      # Or just pass in the option types hash:
-      #
-      #   product: {
-      #     ...
-      #     option_types: ['size', 'color']
-      #   }
-      #
-      # By passing the shipping category name you can fetch or create that
-      # shipping category on the fly. e.g.
-      #
-      #   product: {
-      #     ...
-      #     shipping_category: "Free Shipping Items"
-      #   }
-      #
-      def create
-        authorize! :create, Spree::Product
-        params[:product][:available_on] ||= Time.now
-        set_up_shipping_category
-        options = { variants_attrs: variants_params, options_attrs: option_types_params }
-        @product = Spree::Core::Importer::Product.new(nil, product_params, options).create
-        if @product.persisted?
-          respond_with(@product, :status => 201, :default_template => :show)
-        else
-          invalid_resource!(@product)
-        end
-      end
-      def update
-        @product = find_product(params[:id])
-        authorize! :update, @product
-        options = { variants_attrs: variants_params, options_attrs: option_types_params }
-        @product = Spree::Core::Importer::Product.new(@product, product_params, options).update
-        if @product.errors.empty?
-          respond_with(@product.reload, :status => 200, :default_template => :show)
-        else
-          invalid_resource!(@product)
-        end
-      end
-      def destroy
-        @product = find_product(params[:id])
-        authorize! :destroy, @product
-        @product.destroy
-        respond_with(@product, :status => 204)
-      end
-      private
-        def product_params
-          params.require(:product).permit(permitted_product_attributes)
-        end
-        def variants_params
-          variants_key = if params[:product].has_key? :variants
-            :variants
-          else
-            :variants_attributes
-          end
-          params.require(:product).permit(
-            variants_key => [permitted_variant_attributes, :id],
-          ).delete(variants_key) || []
-        end
-        def option_types_params
-          params[:product].fetch(:option_types, [])
-        end
-        def set_up_shipping_category
-          if shipping_category = params[:product].delete(:shipping_category)
-            id = Spree::ShippingCategory.find_or_create_by(name: shipping_category).id
-            params[:product][:shipping_category_id] = id
-          end
-        end
-    end
-  end
-end

data/app/controllers/spree/api/promotions_controller.rb DELETED Viewed

@@ -1,26 +0,0 @@
-module Spree
-  module Api
-    class PromotionsController < Spree::Api::BaseController
-      before_action :requires_admin
-      before_action :load_promotion
-      def show
-        if @promotion
-          respond_with(@promotion, default_template: :show)
-        else
-          raise ActiveRecord::RecordNotFound
-        end
-      end
-      private
-        def requires_admin
-          return if @current_user_roles.include?("admin")
-          unauthorized and return
-        end
-        def load_promotion
-          @promotion = Spree::Promotion.find_by_id(params[:id]) || Spree::Promotion.with_coupon_code(params[:id])
-        end
-    end
-  end
-end

data/app/controllers/spree/api/properties_controller.rb DELETED Viewed

@@ -1,70 +0,0 @@
-module Spree
-  module Api
-    class PropertiesController < Spree::Api::BaseController
-      before_action :find_property, only: [:show, :update, :destroy]
-      def index
-        @properties = Spree::Property.accessible_by(current_ability, :read)
-        if params[:ids]
-          @properties = @properties.where(id: params[:ids].split(",").flatten)
-        else
-          @properties = @properties.ransack(params[:q]).result
-        end
-        @properties = @properties.page(params[:page]).per(params[:per_page])
-        respond_with(@properties)
-      end
-      def show
-        respond_with(@property)
-      end
-      def new
-      end
-      def create
-        authorize! :create, Spree::Property
-        @property = Spree::Property.new(property_params)
-        if @property.save
-          respond_with(@property, status: 201, default_template: :show)
-        else
-          invalid_resource!(@property)
-        end
-      end
-      def update
-        if @property
-          authorize! :update, @property
-          @property.update_attributes(property_params)
-          respond_with(@property, status: 200, default_template: :show)
-        else
-          invalid_resource!(@property)
-        end
-      end
-      def destroy
-        if @property
-          authorize! :destroy, @property
-          @property.destroy
-          respond_with(@property, status: 204)
-        else
-          invalid_resource!(@property)
-        end
-      end
-      private
-        def find_property
-          @property = Spree::Property.accessible_by(current_ability, :read).find(params[:id])
-        rescue ActiveRecord::RecordNotFound
-          @property = Spree::Property.accessible_by(current_ability, :read).find_by!(name: params[:id])
-        end
-        def property_params
-          params.require(:property).permit(permitted_property_attributes)
-        end
-    end
-  end
-end